Privacy Policy

Introduction

Superior Care Group a provider of Residential Aged Care respects and upholds your rights to privacy protection under the applicable privacy legislation. This policy describes how we manage any personal information we have about you. It is designed to give individuals an understanding of the types of personal information we collect, and how it is used, stored, disclosed and able to be accessed. The policy also outlines how individuals can correct their personal information which is held by Superior Care Group, how to make a complaint about a breach of privacy, and how complaints will be handled.

This policy is freely available and can be accessed on our public website at www.superiorcare.com.au. Individuals who would like to request a copy of this policy in an alternate form, for example suitable for the vision impaired, or individuals from a non-English speaking background, may do so by contacting our office.

Individuals who wish to contact Superior Care Group about information privacy or their personal information can do so by contacting the Director at:

There are additional obligations for the management of sensitive information required by the Act.

Health information means information or an opinion about the health or a disability (at any time) of an individual; an individual’s expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual; that is also personal information; or other personal information collected to provide, or in providing, a health service; or

other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

What kinds of personal information do we collect and hold?

Superior Care collects the personal information of residents, their representatives, employees, and members of the public, suppliers, contractors and service providers. The personal information collected will depend on the nature of the individual’s relationship or interaction with Superior Care Group and its staff. Personal information will only be collected where it is reasonably necessary for, or directly related to, one or more of its functions or activities.

Superior Care may hold the following information about you: name, date of birth, gender, address and telephone contact, email address, financial information such as banking details, income, assets and pension status, occupation, health information, social circumstances information, general practitioner, referring doctor, next of kin / responsible person, health fund or insurer information, transaction details associated with services we provide to you, any additional information provided to us by you, any information you provide to us through customer satisfaction surveys or audits, photographic or video material. There are additional obligations for the management of sensitive information required by the Act. Sensitive information can include information about race or ethnicity, political opinions or membership, religious or philosophical beliefs, professional or trade association or union membership, sexual preferences or practices and criminal records. We collect information about our residents’ health and care needs and their medical history as it relates to the care and services we provide, information about our residents’ cultural, religious, linguistic and social needs, information about our clients’ interests, hobbies and community activities, and information any potential medical, social or workplace risks involved in providing care and services to the resident. Information about third parties is sometimes collected in the context of insurance claims.

Health information collected can include incident and accident reports, first aid records, workers compensation claims and documents, rehabilitation and attendance records, medical or other health service provider records, medical histories and other assessments for insurance or employment purposes.

How do we collect personal information?

Residents

We usually collect personal information in the following ways:

directly from the resident and/or their representatives

from residents’ health care providers and other persons/organisations who provide care and services to the resident

where relevant, from other aged care providers and aged care referral services.

We also receive information from the Commonwealth Government regarding our residents’ eligibility to pay certain fees and charges.

Employees and service providers

We collect information about our employees:

directly from the employees

through general background check processes such as criminal history checks

from other sources such as referees and employment agencies.

Information about suppliers, contractors and service providers and their employees is collected directly from our service providers.

Personal information in most cases is collected directly from the individuals and collected by way of several channels or methods: telephone, verbally, mail and email or via our website. Where information about you is collected from another person or organisation, it is dealt with according to the requirements of the Act.

Personal information can be collected when individuals make enquiries or complaints. It is sometimes collected whether it has been requested or not, for example when you send us your personal information without us asking for it.

Personal and business details of suppliers, contractors and service providers are collected when they interact with Superior Care Group, so that appropriate financial and business records can be maintained.

Personal information of job applicants and employees is also collected during the application process (whether or not successful) and during the period of employment, which may also include sensitive information. Health information can be collected when circumstances require that first aid be administered, for administering sick leave or carers leave, or where injury or insurance claims arise.

Closed Circuit TV (CCTV)

CCTV recording devices are in place to ensure the safety and security of residents, visitors and staff. The CCTV footage may only be used to investigate incidents, accidents, and work issues that could potentially negatively impact on resident health and wellbeing, and any issue related to the continued safety and health of residents, visitors or staff. The recordings made by CCTV are activated by movement sensors and the footage is securely held for 10 days, at which time automatic deletion occurs. CCTV footage can be downloaded and held if necessary as part of an ongoing investigation, with footage saved to file and held securely.

The CCTV recording equipment is located in a locked room with access limited to Superior Care management. Access to the CCTV system is secured and protected by password access. CCTV footage remains the property of Superior Care Group and will only be available to management, the police, and some government agencies in limited circumstances. If there is a legal requirement for a copy of the footage, it will only be made available via subpoena and with written clearance from legal advisors.

Residents, visitors and staff are made aware of the presence of CCTV recording devices through signage displayed at the entry to a facility. In order to protect personal privacy, footage will not be shown, used or shared in any other way except when required by law or Court order.

How do we store personal information?

Information is securely stored both in paper form and electronically at its head office and on site (eg. at the residential care facility). Authorised staff and service providers providing residents with care and services have access to personal and health information electronically.

Superior Care Group takes reasonable steps to ensure that the personal information it collects, holds, uses and discloses is accurate, up to date and complete, with reference to the purpose for which it is collected, used or disclosed. Information held is subject to regular reviews and audits for this purpose. Where it is determined that it is no longer necessary or legally required, reasonable steps are taken to de-identify or destroy the information.

Superior Care Group currently stores information using a combination of physical files and the following secure electronic document management systems:

resident health records are held in our Zeyar system;

residents financial and other person information is held in “IBA”;

employee personal information is held in “Virtual Roster”; and

policies and procedures more generally are held in “Superior Care Group”.

The majority of Superior Care Group’s servers are located in Australia, however, Zeyar servers are icloud based.

Security and access protocols are maintained in order to implement reasonable steps to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. Internal access controls and protocols ensure that only authorised staff can access personal information in circumstances where they are required to do so in the performance of their duties. Our IT system allows electronic file access to be tracked and audited to ensure that only authorised access to personal information has occurred.

For what purposes do we collect, hold, use and disclose personal information?

Residents

We collect, hold, use and disclose personal information about our residents for the primary purposes of providing care and services to our residents.

Where permissible, we disclose residents’ relevant personal information other persons/organisations who are involved in providing health services and other care and services to the resident. This can include the resident’s doctor and allied health service providers.

We also collect, hold, use and disclose residents’ information for the following purposes:

so that we can receive funding from government agencies in respect of our residents

in order to comply with our legal obligations under the Aged Care Act 1997 and other laws

so that we can improve our services through quality improvement activities such as audits, surveys and other quality improvement activities

for direct marketing

for the purposes of obtaining professional advice

Employees and service providers

We collect, hold, use and disclose information about our employees and services providers for following purposes:

to administer employment arrangements, personnel development and management responsibilities

to provide care and services to our residents

for quality improvement and marketing purposes

to meet our legal obligations such as the requirement to obtain criminal record checks for employees involved in providing care to our residents and workplace laws obligations.

Use of information

Personal information can only be used for the particular purpose for which it was collected (known as the “primary purpose”), unless certain exceptions apply. Personal information can be used for secondary or other purposes where consent has been obtained, where it is reasonably expected to be used for a related purpose, where required or authorised by law or a Court/Tribunal order, where reasonably necessary for enforcement purposes conducted by or on behalf of an enforcement body, or where certain “permitted general situations” or “permitted health situations” exist.

Permitted General Situations

Permitted general situations are where circumstances exist involving serious threats to life, health or safety of any individual, or to public health or safety, suspected unlawful activity or serious misconduct, missing persons, legal or equitable claims and alternative dispute resolution processes.

Permitted Health Situations

Permitted health situations are where a range of specific circumstances apply in relation to the collection, use and disclosure of health information. They will exist where the information is necessary to provide a health service to the individual, and either the collection is required or authorised by or under an Australian law (other than the Privacy Act), or the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which govern activities of the organisation.

A permitted health situation will also exist where the collection is necessary for research relevant to public health or public safety, the compilation or analysis of statistics relevant to public health or public safety, or the management, funding or monitoring of a health service, and:

those purposes cannot be served by collecting de-identified information,

it is impracticable to obtain the individual’s consent, and

the collection is either required by or under an Australian law (other than the Privacy Act), in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation, or in accordance with approved guidelines.

A further permitted health situation will exist if the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety, and:

it is impracticable to obtain the individual’s consent to the use or disclosure,

the use or disclosure is conducted in accordance with approved guidelines, and

in the case of disclosure – the organisation reasonably believes that the recipient of the information will not disclose the information, or personal information derived from that information.

Permitted health situations arise in relation to genetic information about an individual if:

the organisation has obtained the information in the course of providing a health service to the individual,

the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of another individual who is a genetic relative of the individual,

the use or disclosure is conducted in accordance with approved guidelines, and

in the case of disclosure – the recipient of the information is a genetic relative of the individual.

Finally, a permitted health situation will arise when the organisation provides a health service to the individual, and:

the recipient of the information is a responsible person for the individual,

the individual is either physically or legally incapable of giving consent to the disclosure, or physically cannot communicate consent to the disclosure,

another individual providing the health service (the ‘carer’) is satisfied that either the disclosure is necessary to provide appropriate care or treatment of the individual, or the disclosure is made for compassionate reasons,

the disclosure is not contrary to any wish expressed by the individual before the individual became unable to give or communicate consent of which the carer is aware or of which the carer could reasonably be expected to be aware, and

the disclosure is limited to the extent reasonable and necessary for providing appropriate care or fulfilling compassionate reasons.

Superior Care Group uses personal information provided during enquiry processes for the purposes of fulfilling resident requests, providing personalised services, maintaining accounts and records, statistical analysis, conducting market research and marketing, and assessing and evaluating the use of our website. Personal information may also be used in conducting criminal record checking and employment screening, obtaining legal advice, and participating in legal proceedings.

Disclosure of or access to information

In most circumstances, we are restricted in how we may disclose your personal information. Personal information can only be disclosed for the particular purpose for which it was collected (known as the “primary purpose”), unless certain exceptions apply. Personal information can be disclosed for secondary or other purposes where we have consent to do so, where it is reasonably expected to be disclosed for a related purpose, where required or authorised by law or a Court/Tribunal order, where reasonably necessary for enforcement purposes conducted by or on behalf of an enforcement body, or where “permitted general situations” or “permitted health situations” as described above exist.

Circumstances where personal information may be disclosed broadly include compliance with statutory obligations, arranging for insurance, progressing insurance claims and meeting occupational health and safety obligations. Personal information of members of the public, residents, suppliers, contractors and service providers maybe disclosed for the purposes of fulfilling resident requests, providing personalised services, maintaining accounts and records, statistical analysis, conducting market research and marketing, and assessing and evaluating the use of our website.

Personal information may also be disclosed for residential application assessment, administration of resident agreements, and in some circumstances in obtaining references. Other circumstances where it may be disclosed include complaint management, security purposes, and administration of job applications and employment, which may include criminal record checking and employment screening. Personal information may also be disclosed in obtaining legal advice, and participating in legal proceedings.

Personal information may be given to State and Commonwealth government agencies and other individuals/organisations including loss adjusters, security companies, insurance companies and health service providers. It will only be disclosed to third parties where permitted by the Act, and only disclosed to Superior Care Group staff where necessary for the performance of their duties and where they are authorised to access it.

Direct Marketing

Superior Care Group may use or disclose personal information (other than sensitive information) for direct marketing purposes, where a simple means for the individual to opt out of direct marketing communications has been provided and where the individual has not done so.

If consent is obtained, sensitive information for direct marketing communications can be used.

How can you access and correct your personal information?

Access Requests

Requests made by individuals to access their personal information held by Superior Care Group will generally be granted, unless certain limited circumstances apply. Those circumstances may include where it is reasonably determined that granting access would pose a serious threat to the life, health, or safety of an individual or to public health or safety, where granting access would have an unreasonable impact on the privacy of other individuals, where the request is frivolous or vexatious, or where legal proceedings are on foot. Superior Care Group may also deny access in some circumstances where it is required to do so by law or access would be unlawful, where commercial negotiations or decision making processes may be prejudiced, where unlawful activity or serious misconduct is suspected, or where enforcement related activities may be prejudiced.

Superior Care Group responds to requests to access personal information within a reasonable period (usually 45 days but often sooner), and gives access to the information in the manner requested where it is reasonable and practicable. If access needs to be refused due to one of the above exceptions, Superior Care Group will take reasonable steps in the circumstances to provide access that meets the needs of Superior Care Group and the individual, including through using a mutually agreed intermediary.

If access is refused, Superior Care Group will give the individual a written notice which sets out the reasons for refusal, how to complain about the refusal, and where it relates to a commercially sensitive decision-making process, the reasons for refusal may include an explanation of the nature of the commercially sensitive decision.

Superior Care Group may require that reasonable charges be paid in respect of granting access to personal information, however the charges must not be excessive, and must not apply to the making of the request. Requests for access to personal information can be made by contacting our management or Director directly.

Requests to update or correct

If Superior Care Group holds personal information about an individual, and is satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading (having regard to the purpose for which it is held), or the individual requests that Superior Care Group correct the information, then we will take reasonable steps to correct the information to ensure that it is accurate, up to date, complete, relevant and not misleading.

When Superior Care Group corrects personal information that it previously disclosed to someone else, and the individual requests that we notify the other person of the correction, then Superior Care Group will take reasonable steps in the circumstances to give that notification unless it is impracticable or unlawful to do so. If in some circumstances we refuse to correct personal information as requested, we will provide the individual with a written notice that sets out the reasons for refusal, and how to complain about the refusal.

When Superior Care Group refuses to correct personal information as requested, and the individual requests Superior Care Group to add a statement to their record that the information is inaccurate, out of date, incomplete, irrelevant or misleading, then we will take reasonable steps in the circumstances to add the statement to the record in a manner that will make it apparent to users of the information. Superior Care Group will respond to requests to correct/update or add a statement within a reasonable period after the request is made, and will not charge the individual for the making of the request, the correction, or the adding of the statement.

Requests to update or correct personal information can be made by contacting our management directly. Requests will usually be met or responded to within 30 days.

How can you complain about a breach of the APPs?

All complaints concerning breaches of the Act and APPs will be examined, and unless they are considered frivolous or vexatious, will be investigated by the Superior Care Group director. Complaints should be submitted in writing directly to the Director via the contact details within this policy. Superior Care Group maintains a complaint register, and will investigate complaints concerning the mishandling of personal information, security breaches, and allegations of breaches of the Act and the APPs, and any matters which are referred from the Office of the Australian Information Commissioner (OAIC). Your complaint will be promptly acknowledged, and will be dealt with within a reasonable amount of time depending on the complexity of the matter. You will receive updates as to the progress of your complaint if the investigation takes longer than expected. Less complex complaints can usually be dealt with within 30 days; however more complex matters may take longer to resolve.

Where a notification of a breach of privacy, or a complaint about the handling of personal information is received, Superior Care Group directors will take immediate steps to contain the breach, which may involve securing or quarantining personal information or files which contain the personal information. A preliminary assessment will be conducted and any necessary actions taken. These actions may include notifying the individual(s) whose personal information is subject of the breach/complaint.

Where the preliminary assessment finds that the matter is complex or of a serious nature, independent investigators and/or legal advisors may be retained to assist with the investigation. All investigations will determine whether or not there appears to have been a breach of Superior Care Group’s obligations under the Act. At the conclusion of the investigation, recommendations may be made as to changes to information handling practices and protocols within Superior Care Group. The complainant (or if the matter was referred by it, the OAIC) will be informed of the outcome of the investigation, any relevant findings, and any actions taken as a result.

If the complainant is not satisfied with the investigation or the outcome, they may make a further complaint to the Office of the Australian Information Commissioner.